使用@RolesAllowed通过RESTEasy和Jackson过滤实体属性

使用@RolesAllowed通过RESTEasy和Jackson过滤实体属性

如果您不愿意使用

@JsonView

，可以考虑

@JsonFilter

。首先，您需要

SimpleBeanPropertyFilter

根据用户角色扩展和控制序列化：

public class RolebasedPropertyFilter extends SimpleBeanPropertyFilter {    private String allowedRole;    public RolebasedPropertyFilter(String allowedRole) {        this.allowedRole = allowedRole;    }    @Override    public void serializeAsField(Object pojo, JsonGenerator jgen,SerializerProvider provider, PropertyWriter writer) throws Exception {        PermitAll permitAll = writer.getAnnotation(PermitAll.class);        if (permitAll != null) { serializeAsField(pojo, jgen, provider, writer); return;        }        DenyAll denyAll = writer.getAnnotation(DenyAll.class);        if (denyAll != null) { writer.serializeAsOmittedField(pojo, jgen, provider); return;        }        RolesAllowed rolesAllowed = writer.getAnnotation(RolesAllowed.class);        if (rolesAllowed != null) { if (!Arrays.asList(rolesAllowed.value()).contains(allowedRole)) {     writer.serializeAsOmittedField(pojo, jgen, provider);     return; }        }        // If no annotation is provided, the property will be serialized        writer.serializeAsField(pojo, jgen, provider);    }}

要将过滤器应用于某个bean，请使用进行注释

@JsonFilter("rolebasedPropertyFilter")

：

@JsonFilter("rolebasedPropertyFilter")public class User {    private String firstName;    private String lastName;    private String email;    private String password;    public String getFirstName() {        return firstName;    }    public String getLastName() {        return lastName;    }    @RolesAllowed({"ADMIN"})    public String getEmail() {        return email;    }    @DenyAll    public String getPassword() {        return password;    }    // Other getters and setters}

然后，注册您的过滤器在你的

ContextResolver

了

ObjectMapper

：

String currentUserRole = // Get role from the current userFilterProvider filterProvider = new SimpleFilterProvider()        .addFilter("rolebasedPropertyFilter",      new RolebasedPropertyFilter(currentUserRole));ObjectMapper mapper = new ObjectMapper();mapper.setFilterProvider(filterProvider);

---

如果要将过滤器设置为“全局”，即要应用于所有bean，则可以创建一个混合类，并使用对其进行注释

@JsonFilter("rolebasedPropertyFilter")

：

@JsonFilter("rolebasedPropertyFilter")public class RolebasedPropertyFilterMixIn {}

然后将混合类绑定到

Object

：

mapper.addMixIn(Object.class, RolebasedPropertyFilterMixIn.class);